Deploying ingress-nginx to access application services running in pods inside a k8s cluster

  • Download the official nginx version
wget -O ingress-deploy.yaml https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.41.2/deploy/static/provider/cloud/deploy.yaml
  • Edit the downloaded ingress-deploy.yaml
vim ingress-deploy.yaml
  1. Add the line replicas: 2 (the replica count)
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    helm.sh/chart: ingress-nginx-3.10.1
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.41.2
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/component: controller
  revisionHistoryLimit: 10
  minReadySeconds: 0
  replicas: 2
  template:
  2. Change the image to a mirror hosted in China
    Add the line hostNetwork: true
    image: pollyduan/ingress-nginx-controller:v0.41.2
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirst
      containers:
        - name: controller
          image: pollyduan/ingress-nginx-controller:v0.41.2
          #image: k8s.gcr.io/ingress-nginx/controller:v0.41.2@sha256:1f4f402b9c14f3ae92b11ada1dfe9893a88f0faeb0b2f4b903e2c67a0c3bf0de
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command:
                  - /wait-shutdown
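The two edits above replace an image that upstream pinned by sha256 digest with a tag-only reference to a third-party repository, and put the controller in the node's network namespace. A pre-apply audit for both settings, added here as an example (not part of the original post or of the ingress-nginx project); the function names and sample text are constructed for illustration:

```shell
#!/bin/sh
# Added example: audit a manifest read from stdin before running kubectl apply.
# Reports pod specs with hostNetwork: true and images that carry no sha256 digest.
audit_manifest() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out YAML lines
        /^[ \t]*hostNetwork:[ \t]*true/ {
            print "HOST_NETWORK line " NR
        }
        /^[ \t]*(- )?image:[ \t]/ {
            ref = $NF; gsub(/"/, "", ref)        # image reference, quotes stripped
            if (ref !~ /@sha256:[0-9a-f]+$/)
                print "UNPINNED_IMAGE line " NR " " ref
        }
    '
}

# Constructed samples based on the snippet above: "edited" is the pod spec as
# changed on this page, "upstream" restores the digest-pinned image line and
# drops hostNetwork.
sample_manifest() {
    if [ "$1" = "upstream" ]; then
        cat <<'EOF'
    spec:
      dnsPolicy: ClusterFirst
      containers:
        - name: controller
          image: k8s.gcr.io/ingress-nginx/controller:v0.41.2@sha256:1f4f402b9c14f3ae92b11ada1dfe9893a88f0faeb0b2f4b903e2c67a0c3bf0de
EOF
    else
        cat <<'EOF'
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirst
      containers:
        - name: controller
          image: pollyduan/ingress-nginx-controller:v0.41.2
          #image: k8s.gcr.io/ingress-nginx/controller:v0.41.2@sha256:1f4f402b9c14f3ae92b11ada1dfe9893a88f0faeb0b2f4b903e2c67a0c3bf0de
          imagePullPolicy: IfNotPresent
EOF
    fi
}

# Demo on the constructed sample; for the real file use:
#   audit_manifest < ingress-deploy.yaml
sample_manifest edited | audit_manifest
```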


  • Add labels on the node server; they must match those in ingress-deploy.yaml, otherwise the deployment will fail with errors
root@master:/home/ljy/桌面# kubectl label nodes master ingress-ready=true
node/master labeled
root@master:/home/ljy/桌面# kubectl label nodes master kubernetes.io/os=linux --overwrite
node/master not labeled
  • Deploy ingress-deploy.yaml
root@master:/home/ljy/桌面# kubectl apply -f ingress-deploy.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
configmap/ingress-nginx-controller created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
service/ingress-nginx-controller-admission created
service/ingress-nginx-controller created
deployment.apps/ingress-nginx-controller created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
serviceaccount/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
  • Check the running status
kubectl get pod,service -n ingress-nginx -o wide
root@master:/home/ljy/桌面# kubectl get pods -n ingress-nginx
NAME                                       READY   STATUS    RESTARTS   AGE
ingress-nginx-controller-9f64489f5-7pvwf   1/1     Running   3          3d1h
root@master:/home/ljy/桌面# kubectl get pod,service -n ingress-nginx -o wide
NAME                                           READY   STATUS    RESTARTS   AGE    IP          NODE     NOMINATED NODE   READINESS GATES
pod/ingress-nginx-controller-9f64489f5-7pvwf   1/1     Running   3          3d1h   10.0.2.15   master              

NAME                                         TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE    SELECTOR
service/ingress-nginx-controller             LoadBalancer   10.103.52.62         80:30074/TCP,443:31737/TCP   3d1h   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
service/ingress-nginx-controller-admission   ClusterIP      10.97.102.169           443/TCP                      3d1h   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx

If the pod status looks abnormal, run kubectl describe pod <pod-name> -n ingress-nginx to see the details

kubectl describe pod ingress-nginx-controller-9f64489f5-7pvwf -n ingress-nginx
  • Resolve the domain name
vim /etc/hosts
10.0.2.15 cloud-test.com
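  • Write the request forwarding rule
    vim nginx-ingress.yaml
# Deprecated API version, removed in Kubernetes v1.22; networking.k8s.io/v1 is the replacement
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: cloud  # must be the same namespace as the Service named in serviceName, otherwise requests return a 503 error
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
    # enable use-regex so that path is matched as a regular expression
    nginx.ingress.kubernetes.io/use-regex: 'true'
spec:
  rules:
    - host: cloud-test.com  # domain name
      http:
        paths:
          - path: /common
            backend:
              # name of the registered Service
              serviceName: cloud-communal-service
              # Service port
              servicePort: 18080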

  • Apply the rule
kubectl apply -f nginx-ingress.yaml
root@master:/home/ljy/桌面# kubectl apply -f nginx-ingress.yaml 
Warning: networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.networking.k8s.io/nginx-ingress created

  • Enter the container and inspect the nginx configuration
kubectl exec -it ingress-nginx-controller-9f64489f5-7pvwf -n ingress-nginx -- /bin/bash
bash-5.0$ cat nginx.conf | grep -A 30 cloud-test.com

This shows that the nginx configuration inside the ingress-controller Pod has taken effect.

  • View the ingress service
kubectl get service -o wide -n ingress-nginx
root@master:/home/ljy/桌面# kubectl get service -o wide -n ingress-nginx
NAME                                 TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE    SELECTOR
ingress-nginx-controller             LoadBalancer   10.103.52.62         80:30074/TCP,443:31737/TCP   3d1h   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
ingress-nginx-controller-admission   ClusterIP      10.97.102.169           443/TCP                      3d1h   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx

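We can see that port 31391 is exposed externally; accessing port 31391 on any node reaches the Pod service.
However, this port is assigned randomly and changes after a rebuild, so we can instead access port 80 directly on the node running the ingress-controller Pod.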

  • Test
root@master:/home/ljy/桌面# curl cloud-test.com:18080
{"status":200,"message":"请查看API文档","data":null,"extend":null,"timestamp":"2020-12-21 08:40:46","success":true,"total":null,"description":null}
root@master:/home/ljy/桌面# curl cloud-test.com/common
{"status":200,"message":"请查看API文档","data":null,"extend":null,"timestamp":"2020-12-21 08:40:46","success":true,"total":null,"description":null}
  • View the endpoints
    kubectl get endpoints --all-namespaces
root@master:/home/ljy/桌面# kubectl get endpoints --all-namespaces
NAMESPACE       NAME                                 ENDPOINTS                                                  AGE
cloud           cloud-communal-service               10.0.2.15:18080                                            33m
default         kubernetes                           10.0.2.15:6443                                             11d
ingress-nginx   ingress-nginx-controller             10.0.2.15:443,10.0.2.15:80                                 3d1h
ingress-nginx   ingress-nginx-controller-admission   10.0.2.15:8443                                             3d1h
kube-system     kube-controller-manager                                                                   11d
kube-system     kube-dns                             10.244.0.47:53,10.244.0.48:53,10.244.0.47:53 + 3 more...   11d
kube-system     kube-scheduler                                                                            11d

If the serviceName: cloud-communal-service endpoint does not exist, accessing cloud-test.com/common returns 503 Service Unavailable
